[DC LoCo] thoughts about a tool to verify certain PPAs

Kenneth Stailey kstailey at yahoo.com
Tue Oct 12 13:23:28 BST 2010


Many PPAs are simply the upstream source plus the "debian" directory.

It should not be so hard to write a tool that could download the upstream provider's source code and the source code from a PPA and run a diff on them.

It would help prove that there's no monkey business in someone's PPA.

You still would have to ascertain that the debian/rules etc. do not have malware in them.

But would it be a step in the right direction?
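
A sketch of the comparison proposed above, as an added example that is not part of the original post. It assumes both sources have already been downloaded as tarballs with a single top-level directory; the function names and the sample archives are hypothetical and constructed for illustration.

```python
import hashlib
import io
import tarfile

def tree_digests(tar_bytes):
    """Map path (top-level directory stripped) -> fingerprint for each tar member."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            _, _, rel = member.name.removeprefix("./").partition("/")
            if not rel or member.isdir():
                continue
            if member.isfile():
                data = tar.extractfile(member).read()
                digests[rel] = "sha256:" + hashlib.sha256(data).hexdigest()
            else:
                # Links and device nodes: record type and target so a swap is visible.
                digests[rel] = f"type={member.type!r} target={member.linkname}"
    return digests

def compare(upstream_tar, ppa_tar):
    """Report how the PPA tree differs from upstream outside debian/."""
    up, ppa = tree_digests(upstream_tar), tree_digests(ppa_tar)
    packaging = sorted(p for p in ppa if p.startswith("debian/"))
    # debian/ is excluded from the diff on both sides and listed separately.
    up = {p: d for p, d in up.items() if not p.startswith("debian/")}
    ppa = {p: d for p, d in ppa.items() if not p.startswith("debian/")}
    return {
        "added": sorted(ppa.keys() - up.keys()),
        "removed": sorted(up.keys() - ppa.keys()),
        "changed": sorted(p for p in ppa.keys() & up.keys() if ppa[p] != up[p]),
        "review_by_hand": packaging,  # debian/rules etc. still need a human read
    }

def make_tar(files, top="demo-1.0"):
    """Build a constructed sample tarball in memory (illustration only)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(f"{top}/{name}")
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()

# Constructed sample data, not a real package.
UPSTREAM = make_tar({"README": b"hello\n", "src/main.c": b"int main(void){return 0;}\n"})
PPA = make_tar({"README": b"hello\n", "src/main.c": b"int main(void){return 1;}\n",
                "src/extra.c": b"/* not in upstream */\n", "debian/rules": b"#!/usr/bin/make -f\n"})

if __name__ == "__main__":
    for kind, paths in compare(UPSTREAM, PPA).items():
        print(kind, paths)
```

An empty "added", "removed" and "changed" result only shows the non-packaging files match; everything under "review_by_hand", including any patches applied at build time, is outside what this comparison covers.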


